Thread: help found weird file in my system Possibly hacked

  1. #1
    Join Date
    Jan 2009
    Location
    Queens
    Posts
    126

    Default help found weird file in my system Possibly hacked

    Hi all, for a while I've seen hundreds of attempts via ssh against my system. They finally stopped, and this could mean only two things: my security measures are working "NOT", or they actually got in. In any case, browsing around my system for suspicious changes, I found a file "agent.4015" in my tmp folder. This file denies read privileges to root and I'm afraid to chmod until I know for sure what it is. Has anybody ever encountered anything like it?

    Any help is appreciated, thanks...
    Hmmmm I wonder how long before I'm good at this????????????

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,022
    Blog Entries
    3

    Default Re: help found weird file in my system Possibly hacked

    If you are running ssh-agent, then that is probably a domain socket that allows ssh commands to contact the running agent. If you have a $HOME/.ssh directory, then I think ssh-agent is automatically started except by gnome (which uses its own agent program).

    If the file is not owned by somebody who normally logs in, then it could also come from agent forwarding by somebody who managed to log in remotely.

  3. #3
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,613

    Default Re: help found weird file in my system Possibly hacked

    When you want any comment from us about the properties of that file, show them:
    Code:
    ls -l /tmp/agent.4015
    Showing things with computer input/output is much better than talking endless lines with no precise information at all.
    Henk van Velden
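
A read-only way to run the checks the two replies above describe (file type, owner, and which process holds the socket), as an added example that is not part of any post. It assumes local accounts in /etc/passwd and uses lsof when it is installed; the function names are made up here.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only triage of a path such as
# /tmp/agent.4015: nothing is opened, chmod-ed or deleted.
# Assumption: accounts are local (/etc/passwd); LDAP/NIS users are not looked up.

# Print one word describing the path: missing, symlink, not-a-socket,
# socket-owner-login:<user> or socket-owner-no-login:<user>.
classify_agent_path() {
    p=$1
    if [ -L "$p" ]; then echo "symlink"; return 0; fi
    if [ ! -e "$p" ]; then echo "missing"; return 0; fi
    if [ ! -S "$p" ]; then echo "not-a-socket"; return 0; fi
    owner=$(ls -ld -- "$p" | awk '{print $3}')
    # Empty result means no passwd entry; "shell=" alone means the default shell.
    entry=$(awk -F: -v u="$owner" '$1 == u {print "shell=" $7}' /etc/passwd)
    case "$entry" in
        ""|*/nologin|*/false) echo "socket-owner-no-login:$owner" ;;
        *)                    echo "socket-owner-login:$owner" ;;
    esac
}

# Full report: listing, classification, and which process holds the socket.
triage_agent_path() {
    p=$1
    ls -ld -- "$p" 2>/dev/null || true
    echo "verdict: $(classify_agent_path "$p")"
    if [ -S "$p" ] && command -v lsof >/dev/null 2>&1; then
        # lsof -U lists Unix domain sockets; run as root to see other users' processes.
        lsof -U 2>/dev/null | grep -F -- "$p" || echo "no process has this socket open (stale?)"
    fi
}

# Usage: sh triage.sh /tmp/agent.4015
if [ $# -gt 0 ]; then triage_agent_path "$1"; fi
```

A socket owned by an account that does not normally log in is the case the second reply warns about; a socket cannot be read like a regular file, whatever its permission bits say.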

  4. #4
    Join Date
    Jan 2009
    Location
    Queens
    Posts
    126

    Default Re: help found weird file in my system Possibly hacked

    Quote: Originally Posted by nrickert
    If you are running ssh-agent, then that is probably a domain socket that allows ssh commands to contact the running agent. If you have a $HOME/.ssh directory, then I think ssh-agent is automatically started except by gnome (which uses its own agent program).

    If the file is not owned by somebody who normally logs in, then it could also come from agent forwarding by somebody who managed to log in remotely.
    Thank you, nrickert. It seems that you are right about the agent forwarding by an attacker. In any case, I couldn't compromise the data in the server, so I had to rebuild it this morning. I really thank you for answering.
    Hmmmm I wonder how long before I'm good at this????????????

  5. #5
    Join Date
    Jan 2009
    Location
    Queens
    Posts
    126

    Default Re: help found weird file in my system Possibly hacked

    Quote: Originally Posted by hcvv
    When you want any comment from us about the properties of that file, show them:
    Code:
    ls -l /tmp/agent.4015
    Showing things with computer input/output is much better than talking endless lines with no precise information at all.
    Yes, that makes a lot of sense; I should have done that. Thank you, I will for sure next time...
    Hmmmm I wonder how long before I'm good at this????????????
